// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "components/proximity_auth/cryptauth/cryptauth_device_manager.h"

#include <stddef.h>
#include <utility>

#include "base/base64url.h"
#include "base/prefs/pref_registry_simple.h"
#include "base/prefs/pref_service.h"
#include "base/prefs/scoped_user_pref_update.h"
#include "components/proximity_auth/cryptauth/cryptauth_client.h"
#include "components/proximity_auth/cryptauth/pref_names.h"
#include "components/proximity_auth/cryptauth/sync_scheduler_impl.h"
#include "components/proximity_auth/logging/logging.h"

namespace proximity_auth {

namespace {

// The normal period between successful syncs, in hours.
const int kRefreshPeriodHours = 24;

// A more aggressive period between sync attempts to recover when the last
// sync attempt fails, in minutes. This is a base time that increases for each
// subsequent failure.
const int kDeviceSyncBaseRecoveryPeriodMinutes = 10;

// The bound on the amount to jitter the period between syncs.
const double kDeviceSyncMaxJitterRatio = 0.2;

// Keys for ExternalDeviceInfo dictionaries that are stored in the user's prefs.
const char kExternalDeviceKeyPublicKey[] = "public_key";
const char kExternalDeviceKeyDeviceName[] = "device_name";
const char kExternalDeviceKeyBluetoothAddress[] = "bluetooth_address";

// Converts an unlock key proto to a dictionary that can be stored in user
// prefs.
scoped_ptr<base::DictionaryValue> UnlockKeyToDictionary(
    const cryptauth::ExternalDeviceInfo& device) {
  scoped_ptr<base::DictionaryValue> dictionary(new base::DictionaryValue());

  // We store the device information in Base64Url form because dictionary values
  // must be valid UTF8 strings.
  std::string public_key_b64, device_name_b64, bluetooth_address_b64;
  base::Base64UrlEncode(device.public_key(),
                        base::Base64UrlEncodePolicy::INCLUDE_PADDING,
                        &public_key_b64);
  base::Base64UrlEncode(device.friendly_device_name(),
                        base::Base64UrlEncodePolicy::INCLUDE_PADDING,
                        &device_name_b64);
  base::Base64UrlEncode(device.bluetooth_address(),
                        base::Base64UrlEncodePolicy::INCLUDE_PADDING,
                        &bluetooth_address_b64);

  dictionary->SetString(kExternalDeviceKeyPublicKey, public_key_b64);
  dictionary->SetString(kExternalDeviceKeyDeviceName, device_name_b64);
  dictionary->SetString(kExternalDeviceKeyBluetoothAddress,
                        bluetooth_address_b64);
  return dictionary;
}

// Converts an unlock key dictionary stored in user prefs to an
// ExternalDeviceInfo proto. Returns true if the dictionary is valid, and the
// parsed proto is written to |external_device|.
bool DictionaryToUnlockKey(const base::DictionaryValue& dictionary,
                           cryptauth::ExternalDeviceInfo* external_device) {
  std::string public_key_b64, device_name_b64, bluetooth_address_b64;
  if (!dictionary.GetString(kExternalDeviceKeyPublicKey, &public_key_b64) ||
      !dictionary.GetString(kExternalDeviceKeyDeviceName, &device_name_b64) ||
      !dictionary.GetString(kExternalDeviceKeyBluetoothAddress,
                            &bluetooth_address_b64)) {
    return false;
  }

  // We store the device information in Base64Url form because dictionary values
  // must be valid UTF8 strings.
  std::string public_key, device_name, bluetooth_address;
  if (!base::Base64UrlDecode(public_key_b64,
                             base::Base64UrlDecodePolicy::REQUIRE_PADDING,
                             &public_key) ||
      !base::Base64UrlDecode(device_name_b64,
                             base::Base64UrlDecodePolicy::REQUIRE_PADDING,
                             &device_name) ||
      !base::Base64UrlDecode(bluetooth_address_b64,
                             base::Base64UrlDecodePolicy::REQUIRE_PADDING,
                             &bluetooth_address)) {
    return false;
  }

  external_device->set_public_key(public_key);
  external_device->set_friendly_device_name(device_name);
  external_device->set_bluetooth_address(bluetooth_address);
  external_device->set_unlock_key(true);
  external_device->set_unlockable(false);
  return true;
}

}  // namespace

CryptAuthDeviceManager::CryptAuthDeviceManager(
    scoped_ptr<base::Clock> clock,
    scoped_ptr<CryptAuthClientFactory> client_factory,
    CryptAuthGCMManager* gcm_manager,
    PrefService* pref_service)
    : clock_(std::move(clock)),
      client_factory_(std::move(client_factory)),
      gcm_manager_(gcm_manager),
      pref_service_(pref_service),
      weak_ptr_factory_(this) {
  UpdateUnlockKeysFromPrefs();
}

CryptAuthDeviceManager::~CryptAuthDeviceManager() {
  gcm_manager_->RemoveObserver(this);
}

// static
void CryptAuthDeviceManager::RegisterPrefs(PrefRegistrySimple* registry) {
  registry->RegisterDoublePref(prefs::kCryptAuthDeviceSyncLastSyncTimeSeconds,
                               0.0);
  registry->RegisterBooleanPref(
      prefs::kCryptAuthDeviceSyncIsRecoveringFromFailure, false);
  registry->RegisterIntegerPref(prefs::kCryptAuthDeviceSyncReason,
                                cryptauth::INVOCATION_REASON_UNKNOWN);
  registry->RegisterListPref(prefs::kCryptAuthDeviceSyncUnlockKeys);
}

void CryptAuthDeviceManager::Start() {
  gcm_manager_->AddObserver(this);

  base::Time last_successful_sync = GetLastSyncTime();
  base::TimeDelta elapsed_time_since_last_sync =
      clock_->Now() - last_successful_sync;

  bool is_recovering_from_failure =
      pref_service_->GetBoolean(
          prefs::kCryptAuthDeviceSyncIsRecoveringFromFailure) ||
      last_successful_sync.is_null();

  scheduler_ = CreateSyncScheduler();
  scheduler_->Start(elapsed_time_since_last_sync,
                    is_recovering_from_failure
                        ? SyncScheduler::Strategy::AGGRESSIVE_RECOVERY
                        : SyncScheduler::Strategy::PERIODIC_REFRESH);
}

void CryptAuthDeviceManager::AddObserver(Observer* observer) {
  observers_.AddObserver(observer);
}

void CryptAuthDeviceManager::RemoveObserver(Observer* observer) {
  observers_.RemoveObserver(observer);
}

void CryptAuthDeviceManager::ForceSyncNow(
    cryptauth::InvocationReason invocation_reason) {
  pref_service_->SetInteger(prefs::kCryptAuthDeviceSyncReason,
                            invocation_reason);
  scheduler_->ForceSync();
}

base::Time CryptAuthDeviceManager::GetLastSyncTime() const {
  return base::Time::FromDoubleT(
      pref_service_->GetDouble(prefs::kCryptAuthDeviceSyncLastSyncTimeSeconds));
}

base::TimeDelta CryptAuthDeviceManager::GetTimeToNextAttempt() const {
  return scheduler_->GetTimeToNextSync();
}

bool CryptAuthDeviceManager::IsSyncInProgress() const {
  return scheduler_->GetSyncState() ==
         SyncScheduler::SyncState::SYNC_IN_PROGRESS;
}

bool CryptAuthDeviceManager::IsRecoveringFromFailure() const {
  return scheduler_->GetStrategy() ==
         SyncScheduler::Strategy::AGGRESSIVE_RECOVERY;
}

void CryptAuthDeviceManager::OnGetMyDevicesSuccess(
    const cryptauth::GetMyDevicesResponse& response) {
  // Update the unlock keys stored in the user's prefs.
  scoped_ptr<base::ListValue> unlock_keys_pref(new base::ListValue());
  scoped_ptr<base::ListValue> devices_as_list(new base::ListValue());
  for (const auto& device : response.devices()) {
    devices_as_list->Append(UnlockKeyToDictionary(device));
    if (device.unlock_key())
      unlock_keys_pref->Append(UnlockKeyToDictionary(device));
  }
  PA_LOG(INFO) << "Devices Synced:\n" << *devices_as_list;

  bool unlock_keys_changed = !unlock_keys_pref->Equals(
      pref_service_->GetList(prefs::kCryptAuthDeviceSyncUnlockKeys));
  {
    ListPrefUpdate update(pref_service_, prefs::kCryptAuthDeviceSyncUnlockKeys);
    update.Get()->Swap(unlock_keys_pref.get());
  }
  UpdateUnlockKeysFromPrefs();

  // Reset metadata used for scheduling syncing.
  pref_service_->SetBoolean(prefs::kCryptAuthDeviceSyncIsRecoveringFromFailure,
                            false);
  pref_service_->SetDouble(prefs::kCryptAuthDeviceSyncLastSyncTimeSeconds,
                           clock_->Now().ToDoubleT());
  pref_service_->SetInteger(prefs::kCryptAuthDeviceSyncReason,
                            cryptauth::INVOCATION_REASON_UNKNOWN);

  sync_request_->OnDidComplete(true);
  cryptauth_client_.reset();
  sync_request_.reset();
  FOR_EACH_OBSERVER(
      Observer, observers_,
      OnSyncFinished(SyncResult::SUCCESS, unlock_keys_changed
                                              ? DeviceChangeResult::CHANGED
                                              : DeviceChangeResult::UNCHANGED));
}

void CryptAuthDeviceManager::OnGetMyDevicesFailure(const std::string& error) {
  PA_LOG(ERROR) << "GetMyDevices API failed: " << error;
  pref_service_->SetBoolean(prefs::kCryptAuthDeviceSyncIsRecoveringFromFailure,
                            true);
  sync_request_->OnDidComplete(false);
  cryptauth_client_.reset();
  sync_request_.reset();
  FOR_EACH_OBSERVER(
      Observer, observers_,
      OnSyncFinished(SyncResult::FAILURE, DeviceChangeResult::UNCHANGED));
}

scoped_ptr<SyncScheduler> CryptAuthDeviceManager::CreateSyncScheduler() {
  return make_scoped_ptr(new SyncSchedulerImpl(
      this, base::TimeDelta::FromHours(kRefreshPeriodHours),
      base::TimeDelta::FromMinutes(kDeviceSyncBaseRecoveryPeriodMinutes),
      kDeviceSyncMaxJitterRatio, "CryptAuth DeviceSync"));
}

void CryptAuthDeviceManager::OnResyncMessage() {
  ForceSyncNow(cryptauth::INVOCATION_REASON_SERVER_INITIATED);
}

void CryptAuthDeviceManager::UpdateUnlockKeysFromPrefs() {
  const base::ListValue* unlock_key_list =
      pref_service_->GetList(prefs::kCryptAuthDeviceSyncUnlockKeys);
  unlock_keys_.clear();
  for (size_t i = 0; i < unlock_key_list->GetSize(); ++i) {
    const base::DictionaryValue* unlock_key_dictionary;
    if (unlock_key_list->GetDictionary(i, &unlock_key_dictionary)) {
      cryptauth::ExternalDeviceInfo unlock_key;
      if (DictionaryToUnlockKey(*unlock_key_dictionary, &unlock_key)) {
        unlock_keys_.push_back(unlock_key);
      } else {
        PA_LOG(ERROR) << "Unable to deserialize unlock key dictionary "
                      << "(index=" << i << "):\n" << *unlock_key_dictionary;
      }
    } else {
      PA_LOG(ERROR) << "Can not get dictionary in list of unlock keys "
                    << "(index=" << i << "):\n" << *unlock_key_list;
    }
  }
}

void CryptAuthDeviceManager::OnSyncRequested(
    scoped_ptr<SyncScheduler::SyncRequest> sync_request) {
  FOR_EACH_OBSERVER(Observer, observers_, OnSyncStarted());

  sync_request_ = std::move(sync_request);
  cryptauth_client_ = client_factory_->CreateInstance();

  cryptauth::InvocationReason invocation_reason =
      cryptauth::INVOCATION_REASON_UNKNOWN;

  int reason_stored_in_prefs =
      pref_service_->GetInteger(prefs::kCryptAuthDeviceSyncReason);

  // If the sync attempt is not forced, it is acceptable for CryptAuth to return
  // a cached copy of the user's devices, rather taking a database hit for the
  // freshest data.
  bool is_sync_speculative =
      reason_stored_in_prefs != cryptauth::INVOCATION_REASON_UNKNOWN;

  if (cryptauth::InvocationReason_IsValid(reason_stored_in_prefs) &&
      reason_stored_in_prefs != cryptauth::INVOCATION_REASON_UNKNOWN) {
    invocation_reason =
        static_cast<cryptauth::InvocationReason>(reason_stored_in_prefs);
  } else if (GetLastSyncTime().is_null()) {
    invocation_reason = cryptauth::INVOCATION_REASON_INITIALIZATION;
  } else if (IsRecoveringFromFailure()) {
    invocation_reason = cryptauth::INVOCATION_REASON_FAILURE_RECOVERY;
  } else {
    invocation_reason = cryptauth::INVOCATION_REASON_PERIODIC;
  }

  cryptauth::GetMyDevicesRequest request;
  request.set_invocation_reason(invocation_reason);
  request.set_allow_stale_read(is_sync_speculative);
  cryptauth_client_->GetMyDevices(
      request, base::Bind(&CryptAuthDeviceManager::OnGetMyDevicesSuccess,
                          weak_ptr_factory_.GetWeakPtr()),
      base::Bind(&CryptAuthDeviceManager::OnGetMyDevicesFailure,
                 weak_ptr_factory_.GetWeakPtr()));
}

}  // namespace proximity_auth